MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 720c545a5534fc7bf17f15e77dabbb5ebd4216542775e3e211c47bb1a5c50448. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: 720c545a5534fc7bf17f15e77dabbb5ebd4216542775e3e211c47bb1a5c50448
SHA3-384 hash: 8c9b1a4e674d198b2404f7040c4e295782247ccd9a0ca413837c236a2a1773da6968f1ee23dfea6ebe2bc7353d4428eb
SHA1 hash: 272b89ff834656e043d0ab157e647dd2d4b24795
MD5 hash: 84809970515691f30fde18761f5f9a4e
humanhash: music-freddie-video-diet
File name: c.sh
Signature: Mirai
File size: 718 bytes
First seen: 2025-08-07 06:22:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:3J3sSUEr5sSYIxapFHF55sSvf5sS/AKM55sSgp5sSU/U5sSpqqC55sSDm25sSfsK:3J3s5CunGaDfuKurKM5uBudUuWvC5u1A
TLSH: T1AE01E19F18D7769292B85E9CB663D15CD101D0C8A4FF27C9E5644C2481D8321F2EC7B5
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Heuristic
Status: Malicious
First seen: 2025-08-07 06:23:40 UTC
File Type: Text (Shell)
AV detection: 10 of 23 (43.48%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour: Modifies registry class; Suspicious use of SetWindowsHookEx; Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
